1826330 - CVE-2020-3898 cups: heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c
This commit is contained in:
Zdenek Dohnal
parent
6e358e5eae
commit
e88cea2bbe
|
|
@ -0,0 +1,42 @@
|
|||
diff --git a/cups/ppd.c b/cups/ppd.c
|
||||
index ff52df2e..199cf034 100644
|
||||
--- a/cups/ppd.c
|
||||
+++ b/cups/ppd.c
|
||||
@@ -1719,8 +1719,7 @@ _ppdOpen(
|
||||
constraint->choice1, constraint->option2,
|
||||
constraint->choice2))
|
||||
{
|
||||
- case 0 : /* Error */
|
||||
- case 1 : /* Error */
|
||||
+ default : /* Error */
|
||||
pg->ppd_status = PPD_BAD_UI_CONSTRAINTS;
|
||||
goto error;
|
||||
|
||||
diff --git a/ppdc/ppdc-source.cxx b/ppdc/ppdc-source.cxx
|
||||
index c25d4966..236c00db 100644
|
||||
--- a/ppdc/ppdc-source.cxx
|
||||
+++ b/ppdc/ppdc-source.cxx
|
||||
@@ -1743,15 +1743,17 @@ ppdcSource::get_resolution(ppdcFile *fp)// I - File to read
|
||||
|
||||
switch (sscanf(name, "%dx%d", &xdpi, &ydpi))
|
||||
{
|
||||
- case 0 :
|
||||
- _cupsLangPrintf(stderr,
|
||||
- _("ppdc: Bad resolution name \"%s\" on line %d of "
|
||||
- "%s."), name, fp->line, fp->filename);
|
||||
- break;
|
||||
case 1 :
|
||||
ydpi = xdpi;
|
||||
break;
|
||||
- }
|
||||
+ case 2 :
|
||||
+ break;
|
||||
+ default :
|
||||
+ _cupsLangPrintf(stderr,
|
||||
+ _("ppdc: Bad resolution name \"%s\" on line %d of "
|
||||
+ "%s."), name, fp->line, fp->filename);
|
||||
+ break;
|
||||
+}
|
||||
|
||||
// Create the necessary PS commands...
|
||||
snprintf(command, sizeof(command),
|
||||
|
|
@ -15,7 +15,7 @@ Summary: CUPS printing system
|
|||
Name: cups
|
||||
Epoch: 1
|
||||
Version: 2.2.12
|
||||
Release: 7%{?dist}
|
||||
Release: 8%{?dist}
|
||||
License: GPLv2+ and LGPLv2+ with exceptions and AML
|
||||
Url: http://www.cups.org/
|
||||
Source0: https://github.com/apple/cups/releases/download/v%{VERSION}/cups-%{VERSION}-source.tar.gz
|
||||
|
|
@ -109,6 +109,8 @@ Patch43: cups-default-lpoptions.patch
|
|||
# 1822154 - cups.service doesn't execute automatically on request
|
||||
# https://github.com/apple/cups/issues/5708
|
||||
Patch44: cups-autostart-when-enabled.patch
|
||||
# 1826330 - CVE-2020-3898 cups: heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c
|
||||
Patch45: cups-ppdopen-heap-overflow.patch
|
||||
|
||||
##### Patches removed because IMHO they aren't no longer needed
|
||||
##### but still I'll leave them in git in case their removal
|
||||
|
|
@ -362,6 +364,8 @@ Sends IPP requests to the specified URI and tests and/or displays the results.
|
|||
%patch43 -p1 -b .default-lpoptions
|
||||
# 1822154 - cups.service doesn't execute automatically on request
|
||||
%patch44 -p1 -b .autostart-when-enabled
|
||||
# 1826330 - CVE-2020-3898 cups: heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c
|
||||
%patch45 -p1 -b .ppdopen-heap-overflow
|
||||
|
||||
# if cupsd is set to log into /var/log/cups, then 'MaxLogSize 0' needs to be
|
||||
# in cupsd.conf to disable cupsd logrotate functionality and use logrotated
|
||||
|
|
@ -774,6 +778,9 @@ rm -f %{cups_serverbin}/backend/smb
|
|||
%{_mandir}/man5/ipptoolfile.5.gz
|
||||
|
||||
%changelog
|
||||
* Tue Apr 21 2020 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.12-8
|
||||
- 1826330 - CVE-2020-3898 cups: heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c
|
||||
|
||||
* Mon Apr 20 2020 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.12-7
|
||||
- 1822154 - cups.service doesn't execute automatically on request
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue